Posts

Showing posts from July, 2004

SSH scanning

It's a weekend, I know, but I can't resist checking on Maui and opapa. I was checking the logs on opapa when I noticed login failures using accounts like 'test' and 'user'. Hmmm... These aren't standard Linux accounts, and no one else has SSH privileges on opapa. So I checked and did a whois on the culprit host. Traced it back to an ISP in Korea. Something's afoot. Turns out this incident is similar to those happening worldwide: in the security mailing lists I subscribe to, similar incidents have been cropping up. The recommended solution was to harden SSH. Already done that: no root logins. But that's not enough. I would have to implement RSA key logins. And notify the Boss, too.
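What that log check looks like as a script, as an added example rather than anything from the original post: a POSIX-sh summary of sshd password failures per source address, run here over a few constructed auth-log lines (the hostname, addresses and usernames are made up, with 192.0.2.0/24 and 198.51.100.0/24 used as documentation ranges).

```shell
#!/bin/sh
# Added example: summarise sshd password failures by source address.
# SAMPLE_AUTH_LOG is constructed for this example; the addresses are from
# documentation ranges and the host/user names are invented.
SAMPLE_AUTH_LOG='Jul 24 03:12:01 opapa sshd[4132]: Failed password for invalid user test from 192.0.2.10 port 40311 ssh2
Jul 24 03:12:05 opapa sshd[4134]: Failed password for invalid user user from 192.0.2.10 port 40320 ssh2
Jul 24 03:12:09 opapa sshd[4136]: Failed password for invalid user guest from 192.0.2.10 port 40333 ssh2
Jul 24 03:12:14 opapa sshd[4138]: Failed password for root from 192.0.2.10 port 40340 ssh2
Jul 24 03:12:20 opapa sshd[4140]: Failed password for illegal user admin from 192.0.2.10 port 40351 ssh2
Jul 24 09:41:02 opapa sshd[4201]: Accepted publickey for mike from 198.51.100.7 port 51022 ssh2
Jul 24 09:45:30 opapa sshd[4210]: Failed password for mike from 198.51.100.7 port 51030 ssh2'

# stdin: auth log lines. stdout: "<user> <source>" per failed password attempt.
# Older OpenSSH logs "illegal user", newer "invalid user"; the optional
# "<word> user " group absorbs either, so the real username is captured.
ssh_failures() {
  sed -n 's/.*Failed password for \([a-z]* user \)*\([^ ]*\) from \([^ ]*\) port.*/\2 \3/p'
}

# stdin: auth log lines. stdout: "<count> <source>", busiest source first.
ssh_failures_by_source() {
  ssh_failures | awk '{ c[$2]++ } END { for (ip in c) print c[ip], ip }' | sort -rn
}

# $1 = threshold. stdin: auth log lines. Prints sources with at least that
# many failures, i.e. the scanners rather than a colleague's typo.
ssh_scan_sources() {
  ssh_failures_by_source | awk -v n="$1" '$1 >= n { print $2 }'
}

# $1 = source address. stdin: auth log lines. Distinct usernames it tried.
ssh_probed_users() {
  ssh_failures | awk -v ip="$1" '$2 == ip { print $1 }' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Stand-alone run over the sample: each scanner and the accounts it probed.
printf '%s\n' "$SAMPLE_AUTH_LOG" | ssh_scan_sources 3 | while read -r src; do
  echo "$src: $(printf '%s\n' "$SAMPLE_AUTH_LOG" | ssh_probed_users "$src")"
done
```

On a real box the same functions read the live log (`ssh_scan_sources 20 < /var/log/auth.log` on Debian-style systems, /var/log/secure on Red Hat ones). The 'test', 'user', 'guest', 'admin' and 'root' pattern against accounts that do not exist is the signature of the dictionary scanning the entry describes. Once password logins are switched off in favour of keys, the scanners still show up in the log, just no longer as password failures, so adjust what you grep for.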

Shorter cut

With *nix, there's always a better way. As I was browsing the mailing lists, I came across an interesting thread about piping the output of find to tar through xargs. *Slaps my forehead.* Now, why didn't I think of that? So, given my problem with compressing SARG outputs, here's a single-line command that effectively does what I wanted to do with that convoluted script:

# tar -czvf `date +%d%b%Y`.tar.gz `date +%d%b%Y-%d%b%Y`/

This can be extended to run through several dates, probably in a for...in...`seq`... code block.
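Here is that for/seq extension written out, as an added example and not the author's own script. It assumes (nothing on the page says so) that SARG's daily report directories, named DDMonYYYY-DDMonYYYY as in the one-liner, sit under $SARG_OUT, that the archives go to $ARCHIVE_DIR, and that GNU date (for -d) and seq are available.

```shell
#!/bin/sh
# Added example: roll the one-liner into a loop over the last N days.
# Assumed layout (not from the page): $SARG_OUT/DDMonYYYY-DDMonYYYY/ per day,
# archives written to $ARCHIVE_DIR; GNU date and seq assumed.

# $1 = how many days ago. Prints SARG's daily directory name for that day.
sarg_day_dir() {
  d=$(date -d "$1 days ago" +%d%b%Y)
  printf '%s-%s\n' "$d" "$d"
}

# $1 = number of past days to cover. Writes one DDMonYYYY.tar.gz per report
# directory that exists and prints the directories it archived.
sarg_archive_days() {
  out=${SARG_OUT:-.}
  arc=${ARCHIVE_DIR:-.}
  for i in $(seq 1 "$1"); do
    dir=$(sarg_day_dir "$i")
    [ -d "$out/$dir" ] || continue             # no report for that day
    # -C keeps absolute paths out of the archive so it extracts anywhere
    tar -C "$out" -czf "$arc/${dir%%-*}.tar.gz" "$dir" && echo "$dir"
  done
}

# Stand-alone run: archive whatever exists for the past week.
sarg_archive_days 7
```

Because %b is locale-dependent, run this under the same locale as the SARG cron job that created the directories, or the names will not line up.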

Routine admin tasks

SARG is running smoothly on Maui, spewing out HTML reports like clockwork. Since Maui doesn't have a web server, I had to download the SARG reports to my workstation for viewing, but not before tarring and gzipping these huge files first. (See my coredump entry.) I noticed a few anomalous user accesses on weekends from user accounts that are supposedly not present during those times. Hmm... Sharing of passwords? I would have to take that up with the Boss. I would have wanted to correlate user IDs with IP addresses. Problem is, the proxy resides in the DMZ, and all traffic from the LAN is NATted at the firewall. Solution: place the proxy behind the firewall, in the LAN segment. Installed Mandrake 9.2 on my workstation. Not to my liking. Went back to booting from the Damn Small Linux CD.

Managing SARG

One of my tasks in my new job is to monitor network usage, including internet access. The workplace implements Webmin authentication for the Squid proxy, i.e. users have to give their usernames and passwords before being allowed to access the internet. Lately, though, there have been reports of password-sharing and visiting of banned (read: pr0n and warez) sites. Monitoring was limited to user authentication, so in this case it wasn't enough. SARG to the rescue. I configured SARG to generate daily, weekly and monthly reports. I was surprised, though, at the sizes of the files it generated. Besides, I had no way of displaying the reports because the proxy server did not have a web server, and not even a browser. I also did not have physical access to the server, except through SSH. SARG was configured to output the daily reports to my home directory. From there, I could view individual HTML files, but after a while this seemed cumbersome. So I thought: why not write a script to com...

Ready to get stolen

Here's an update on the antipixel-type buttons I posted here: they're now part of gtmcknight.com's "More buttons to steal". W00t! So go ahead, steal them already.

Mounting a USB flash drive

USB flash drives -- the ubiquitous thingies that look a lot like keychains around people's necks nowadays -- are mounted much like SCSI disks in Linux. They are usually detected at boot up or when inserted, provided the proper modules are loaded. So:

Make sure the USB storage module is loaded:

# modprobe usb-storage

Once that's done and your USB drive is recognized, look up the device either in dmesg or in the system log:

# tail /var/log/messages

It should be something like /dev/sda1. Mount it the usual way:

# mount /dev/sdaX /mnt/<your mountpoint>

Or, if you want to avoid having to sudo every time you access the drive, add a line like the following to /etc/fstab:

/dev/sda1 /mnt/usb vfat noauto,rw,user 0 0

Create the mount directory, chown it to your user, then mount and unmount the drive the normal way. Two things worth knowing: the user option deliberately implies noexec, nosuid and nodev (see mount(8)), so nothing on the stick can be executed in place or honoured as setuid unless you add exec or suid back; and the device name depends on which other SCSI-like disks are present and the order things were plugged in, so check dmesg rather than assuming /dev/sda1.
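Since the safety of a user-mountable entry rests on those implied options, here is an added check (not from the original post) that audits an fstab for them: a small awk pass that lists every entry carrying user or users and reports whether it re-enables exec, suid or dev. The fstab below is constructed for the example.

```shell
#!/bin/sh
# Added example: audit fstab entries that unprivileged users may mount.
# mount(8) makes "user"/"users" imply noexec,nosuid,nodev; any of exec, suid
# or dev in the same option list switches that protection back off.
# SAMPLE_FSTAB is constructed for this example.
SAMPLE_FSTAB='# <device> <mountpoint> <type> <options> <dump> <pass>
/dev/hda1 / ext3 defaults 1 1
/dev/sda1 /mnt/usb vfat noauto,rw,user 0 0
/dev/sda2 /mnt/usb2 vfat noauto,rw,user,exec,suid 0 0
/dev/sdb1 /mnt/usb3 vfat noauto,rw,users,dev 0 0'

# stdin: fstab. stdout: "<device> <mountpoint> <ok|options that weaken it>"
# for each user-mountable entry.
fstab_user_mounts() {
  awk '$1 !~ /^#/ && NF >= 4 {
    n = split($4, o, ",")
    user = 0; bad = ""
    for (i = 1; i <= n; i++) {
      if (o[i] == "user" || o[i] == "users") user = 1
      if (o[i] == "exec" || o[i] == "suid" || o[i] == "dev")
        bad = bad (bad ? "," : "") o[i]
    }
    if (user) print $1, $2, (bad == "" ? "ok" : bad)
  }'
}

# stdin: fstab. stdout: only the entries that weaken the implied protection.
fstab_risky_user_mounts() {
  fstab_user_mounts | awk '$3 != "ok"'
}

# Stand-alone run over the sample (on a real box: < /etc/fstab).
printf '%s\n' "$SAMPLE_FSTAB" | fstab_risky_user_mounts
```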

01000111 01101111 00100000 01100110 01101111 01110010 01110100 01101000 00101110 00101110 00101110

00100111 01010100 01101000 01100101 01110010 01100101 00100000 01100001 01110010 01100101 00100000 00110001 00110000 00100000 01110000 01100101 01101111 01110000 01101100 01100101 00100000 01101001 01101110 00100000 01110100 01101000 01100101 00100000 01110111 01101111 01110010 01101100 01100100 00111010 00100000 01110100 01101000 01101111 01110011 01100101 00100000 01110111 01101000 01101111 00100000 01100011 01100001 01101110 00100000 01110010 01100101 01100001 01100100 00100000 01100010 01101001 01101110 01100001 01110010 01111001 00101100 00100000 01100001 01101110 01100100 00100000 01110100 01101000 01101111 01110011 01100101 00100000 01110111 01101000 01101111 00100000 01100100 01101111 01101110 00100111 01110100 00101110 00100111

The Baths

A.K.A. "Los Baños". The last time I was there was way, way back in 1996 -- long time, longer story. Now I'm back, but only for a while. I recently attended a training on content development for the Open Academy for Philippine Agriculture at the International Rice Research Institute. A worthy endeavor, that one. Called the "Farmer's Internet" (I don't know about the styling, but this one seems appropriate, given its grand scheme), the Open Academy is envisioned to leverage technology in reaching out to farmers in the countryside and bootstrapping Philippine agriculture back to where it once was 30 years ago -- at the top. While it's a worthy undertaking, it will need sustainability and the will to push it through. Besides that, the internet being as it is, it is going to entail some huge paradigm shifts. Policy makers are in for a surprise if they think that the net is the end-all and be-all of the country's agricultural woes. They must n...

Back from training

Back from the training on content development for the Open Academy at the International Rice Research Institute (IRRI), UP Los Baños. The workshops consisted of developing the e-learning component of the Open Academy. The participants were divided into two groups: the content writers and the web developers. In the web developers' group, we evaluated the current site, laid out the site architecture, and designed the e-learning modules. We had to come up with a unified scheme that allows for expansion, usability and accessibility. I pushed for a CSS-based and standards-compliant design, and sold the idea that this would facilitate modularity of not only the e-learning component but the whole site as well. The workshop outputs are here. We will have to wait for the go-signal to retool the whole site.

Open Academy

(I had to leave for a few days and settle accountabilities at my former workplace.) I'm going to be the site maintainer of the Open Academy for Philippine Agriculture. So I got myself root access and did the usual stuff: disabled root logins, added my own account, and added it to the sudoers file. The Open Academy server, opapa, has vsftpd for uploading web files. Nice. I created a non-shell account that can log on to FTP. This is for files that are set for publication. The site is a bit rough, though. No matter, it is up for a redesign anyway. Also checked for open ports on opapa. None that can't be plugged. Back to surveying the network. Tomorrow, I'm off to training.

Snooping on users

Er, not really. Just trying to find out what sites are frequently visited, then attempt to tune the proxy to efficiently cache these sites. Eherm. Downloaded squidview to Maui. It's a nice real-time Squid access.log viewer, with reports even for individual users, etc. But it's not really what I need. I want cumulative reports on top sites and users, how long users stay on a site, what sites are denied, where the proxy misses, stuff like that. Downloaded and installed SARG -- the Squid Analysis and Report Generator. I edited the SARG cron entries to email daily reports to me and set the weekly and monthly reports as HTML. Note that these scheduled jobs are run as root. Gave SARG a test run; looking fine, generated a report for the day. Cool. For the rest of the day, I tried to make sense of the network infrastructure. The place has 11 servers (Web, mail, LDAP, SMS, AV, PDC, SQL), six of which run Linux (from RH7.3 to RH9). It has two leased line connections, one from...
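The three questions in that list (top sites, who gets denied, where the cache misses) can be answered straight from Squid's native access.log before reaching for SARG. As an added example, not the author's code and not part of SARG, here is a POSIX-sh/awk pass over a handful of constructed native-format log lines (timestamp, elapsed ms, client, TCP_code/status, bytes, method, URL, user, hierarchy/peer, type); the hosts, users and addresses are invented. Note that with the proxy in the DMZ behind NAT, as the Routine admin tasks entry explains, the client column is the firewall for everyone, so the per-user view is the only one that tells people apart.

```shell
#!/bin/sh
# Added example: quick cumulative views of a native-format squid access.log.
# SAMPLE_ACCESS_LOG is constructed; fields are
# time elapsed client code/status bytes method URL user hier/peer type.
SAMPLE_ACCESS_LOG='1090489211.123   3421 10.0.0.15 TCP_MISS/200 5642 GET http://www.irri.org/index.html alice DIRECT/203.0.113.5 text/html
1090489215.401    120 10.0.0.15 TCP_HIT/200 5642 GET http://www.irri.org/images/logo.gif bob NONE/- image/gif
1090489220.009     85 10.0.0.15 TCP_DENIED/403 1180 GET http://warez.example/download.zip bob NONE/- text/html
1090489230.552   2870 10.0.0.15 TCP_MISS/200 21890 GET http://www.google.com/ alice DIRECT/203.0.113.9 text/html
1090489240.777    430 10.0.0.15 TCP_REFRESH_HIT/304 291 GET http://www.irri.org/news.html carol DIRECT/203.0.113.5 text/html
1090489250.300    950 10.0.0.15 TCP_MISS/200 7730 CONNECT mail.example.org:443 alice DIRECT/203.0.113.20 -
1090489260.100     60 10.0.0.15 TCP_DENIED/403 1180 GET http://warez.example/crack.exe alice NONE/- text/html'

# $1 = how many. stdin: access.log. stdout: "<requests> <host>", top first.
# Handles plain URLs and CONNECT host:port targets alike.
squid_top_sites() {
  awk '{ u = $7
         sub(/^[a-zA-Z]+:\/\//, "", u)   # drop scheme
         sub(/\/.*/, "", u)              # drop path
         sub(/:[0-9]+$/, "", u)          # drop port (CONNECT host:443)
         c[u]++ }
       END { for (h in c) print c[h], h }' | sort -rn | head -n "$1"
}

# stdin: access.log. stdout: "<user> <denied requests>" for anyone blocked.
squid_denied_by_user() {
  awk '$4 ~ /^TCP_DENIED/ { c[$8]++ } END { for (u in c) print u, c[u] }' | sort
}

# stdin: access.log. stdout: "<cache hits> <total requests>".
squid_cache_hits() {
  awk '$4 ~ /HIT/ { h++ } END { print h + 0, NR }'
}

# Stand-alone run over the sample (on Maui: < /var/log/squid/access.log).
printf '%s\n' "$SAMPLE_ACCESS_LOG" | squid_top_sites 3
printf '%s\n' "$SAMPLE_ACCESS_LOG" | squid_denied_by_user
printf '%s\n' "$SAMPLE_ACCESS_LOG" | squid_cache_hits
```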

Tuning the SQUID cache

Problem: internet access on the network is getting slow. Possible causes: a filled-up proxy cache; lots of users accessing at the same time; a poorly tuned cache. Solution: tune the proxy. Requested a user account on the proxy server. Her name's Maui -- the proxy, that is. Turns out the current admins access Maui as root. Bad, bad. So I made off with the user account, asked for the root account and promptly disabled SSH login through it, created a sudoers file, added my user account to the wheel group, and enabled that group to sudo. Back at my workstation, I fired up PuTTY SSH (nice tool, PuTTY -- will try to do a review on it later on) and got into Maui. (Er, for the feminists out there, I'd like to remind you that the naming conventions of the servers are not mine. I would have preferred "Liv" or "Natalie" or even "Paris". *shrugs*) The squid.conf looks pretty lean, but the cache_mem directive is a bit too large, so I set it down. The A...
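The hardening steps repeated in this entry, in the Open Academy entry and in the SSH scanning entry (root SSH login off, key-only logins, sudo through the wheel group) are easy to get subtly wrong, because sshd_config takes the first value it sees for a keyword, not the last, so a "PermitRootLogin no" appended to the end of the file does nothing if an earlier line says yes. As an added example, not the author's script, here is a POSIX-sh check that reads the effective sshd values with that first-match rule and verifies the wheel rule in sudoers. Both sample files are constructed.

```shell
#!/bin/sh
# Added example: verify the sshd and sudoers settings the entries describe.
# sshd_config(5): for each keyword the FIRST value obtained is used, so
# sshd_effective() stops at the first match. Samples are constructed.
SAMPLE_SSHD_CONFIG='# sshd_config
Port 22
Protocol 2
PermitRootLogin yes
PubkeyAuthentication yes
# appended later, but the first value above is the one sshd uses
PermitRootLogin no
PasswordAuthentication yes'

SAMPLE_SUDOERS='root ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
%wheel ALL=(ALL) ALL'

# $1 = keyword (case-insensitive). stdin: sshd_config. Prints the value sshd
# will actually use, or nothing if the keyword is not set.
sshd_effective() {
  awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }'
}

# $1 = path to sshd_config. Prints one line per setting that does not match
# the hardening the entries describe: no root login, no passwords, keys on.
sshd_hardening_findings() {
  for want in PermitRootLogin=no PasswordAuthentication=no PubkeyAuthentication=yes Protocol=2; do
    key=${want%%=*}
    exp=${want#*=}
    got=$(sshd_effective "$key" < "$1")
    [ "${got:-unset}" = "$exp" ] || echo "$key is ${got:-unset}, want $exp"
  done
}

# $1 = path to sudoers. Succeeds if an uncommented rule lets wheel run ALL.
sudoers_wheel_enabled() {
  grep -Eq '^[[:space:]]*%wheel[[:space:]]+ALL=\(ALL\)[[:space:]]+(NOPASSWD:[[:space:]]*)?ALL' "$1"
}

# Stand-alone run over the constructed sshd_config.
cfg=$(mktemp) && printf '%s\n' "$SAMPLE_SSHD_CONFIG" > "$cfg"
sshd_hardening_findings "$cfg"
rm -f "$cfg"
```

On a live host point the functions at /etc/ssh/sshd_config and /etc/sudoers (the latter needs root to read). PasswordAuthentication defaults to yes when absent, which is why an unset value is reported as a finding: the SSH scanning entry's key-only goal needs it set to no explicitly.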

First day

The sun was up when I stepped out of the shuttle service vehicle. It was my first day at work; I was early; things were looking up. After less than a month of applying for this new job, taking the exams-and-interviews route, and actually getting it, I've finally made it here. My contract terms-of-reference include management of several servers, maintenance of a website, evaluation of open source content management systems, and the eventual redesign of the corporate intranet. (The pay was less than what I expected, but to be fair, I'd go for this one because of several other factors other than compensation.) So I tucked into my cubicle -- sheesh! after copious readings of Dilbert, I end up cooped up in one! -- and set up my workstation. Nothing much: it's got Windows XP on a Pentium 4 with 1GB memory and a 40GB hard disk. Will have to repartition the hard disk and install Linux for dual boot. (I miss my Compaq Evo desktop with a TFT monitor, though.) Alrighty then: everything ...

Benchmarking my brain

" Brainbench is offering all tests for free from 1 - 14 July 2004," read an email. I have nearly forgotten having a Brainbench account until that message. But at the words "FREE" and "ALL", I swiftly clicked on the given link and opened it on a new tab. Nothing like freebies to get me going. (I completely forgot my Brainbench account password so I had to have it mailed to me, but after that, I was in.) Hmmm... what tests to take? I proceeded to their Job Role Center to select a exam track for particular job roles. "Network Administrator" and "Web Administrator" sounded nice, so... A couple of exams later, tadah! Whew! I was hot! Funny how Google comes through when you're in a bit of a conundrum. Hehe. Now, I'm not implying that I cheated. It did say in the exams that I can consult online or print documentation, but I only did that when I had head-scratchers, like "What is the advantage of RIP version 2 over the first one?...